Protecting Circuits from Computationally Bounded and Noisy Leakage

• dc.contributor.author: Faust, Sebastian
• dc.contributor.author: Rabin, Tal
• dc.contributor.author: Reyzin, Leonid
• dc.contributor.author: Tromer, Eran
• dc.contributor.author: Vaikuntanathan, Vinod
• dc.date.issued: 2014-09
• dc.date.submitted: 2014-04
• dc.identifier.issn: 0097-5397
• dc.identifier.issn: 1095-7111
• dc.identifier.uri: http://hdl.handle.net/1721.1/91157
• dc.description.abstract: Physical computational devices leak side-channel information that may, and often does, reveal secret internal states. We present a general transformation that compiles any circuit into a circuit with the same functionality but resilience against well-defined classes of leakage. Our construction requires a small, stateless, and computation-independent leak-proof component that draws random elements from a fixed distribution. In essence, we reduce the problem of shielding arbitrarily complex circuits to the problem of shielding a single, simple component. Our approach is based on modeling the adversary as a powerful observer that inspects the device via a limited measurement apparatus. We allow the apparatus to access all the bits of the computation (except those inside the leak-proof component), and the amount of leaked information to grow unbounded over time. However, we assume that the apparatus is limited in the amount of output bits per iteration and the ability to decode certain linear encodings. While our results apply in general to such leakage classes, in particular, we obtain security against (a) constant-depth circuits leakage, where the leakage function is computed by an $\mathsf{AC}^0$ circuit (composed of NOT gates and unbounded fan-in AND and OR gates); (b) noisy leakage, where the leakage function reveals all the bits of the internal state of the circuit, but each bit is perturbed by independent binomial noise---i.e., flipped with some probability $p$. Namely, for some number $p\in(0,1/2]$, each bit of the computation is flipped with probability $p$, and remains unchanged with probability $1-p$.
• dc.description.sponsorship: Microsoft Research
• dc.description.sponsorship: National Science Foundation (U.S.) (NSF CyberTrust grant CNS-0808907)
• dc.description.sponsorship: United States. Air Force Office of Scientific Research (AFRL grant FA8750-08-1-0088)
• dc.description.sponsorship: IBM Research (Josef Raviv Postdoctoral Fellowship)
• dc.description.sponsorship: European Commission (Marie Curie IEF/FP7 project GAPS, grant 626467)
• dc.description.sponsorship: National Science Foundation (U.S.) (NSF grant 0546614)
• dc.description.sponsorship: National Science Foundation (U.S.) (Grant NSF grant 0831281)
• dc.description.sponsorship: National Science Foundation (U.S.) (NSF grant 1012910)
• dc.description.sponsorship: National Science Foundation (U.S.) (NSF grant 1012798)
• dc.language.iso: en_US
• dc.publisher: Society for Industrial and Applied Mathematics
• dc.relation.isversionof: http://dx.doi.org/10.1137/120880343
• dc.source: Society for Industrial and Applied Mathematics
• dc.type: Article
• dc.identifier.citation: Faust, Sebastian, Tal Rabin, Leonid Reyzin, Eran Tromer, and Vinod Vaikuntanathan. “Protecting Circuits from Computationally Bounded and Noisy Leakage.” SIAM Journal on Computing 43, no. 5 (January 2014): 1564–1614.
• dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
• dc.contributor.mitauthor: Vaikuntanathan, Vinod
• dc.contributor.mitauthor: Tromer, Eran
• dc.relation.journal: SIAM Journal on Computing
• dc.eprint.version: Final published version
• dc.identifier.orcid: https://orcid.org/0000-0002-2666-0045